Cybersecurity

Tesla confirmed earlier this week that hackers have compromised its cloud computing platform. According to RedLock, a cloud security company, the carmaker’s Amazon Web Services environment had been breached to mine cryptocurrency. Tesla assured the public that the issue, which only affected internally used engineering test cars, was addressed within hours and no customer data had been stolen. RedLock said that the hackers were able to avoid detection by keeping computing power usage low and masking their Internet Protocol (IP) address with CloudFlare’s content delivery network service. Source: BBC

Last weekend, game developer FlightSimLabs apologized for including a Chrome password dump tool in its FSLabs A320-X game installer. The suspicious file had already been flagged as a virus by a number of antivirus products. A Reddit user discovered that a file called test.exe which comes from http://securityxploded.com was included in the installer package. The tool also runs with administrative rights on Windows Vista and later versions. However, FSLabs founder Lefteris Kalamaras pointed out that the tool was meant to counter password crackers that attempt to bypass the software’s DRM system with offline key generators. Kalamaras added that they decided […]

It was reported earlier this week that security researchers had sent “friendly warnings” to clients of Amazon servers who had left their storage unprotected. Around 50 alerts had been posted and many had received more than one warning. One such security researcher named Robbie Wiggins said that he regularly seek out and notify organizations who have their data exposed and revealed that while some had sent him monetary rewards, others did not even bother to put up contact details. It was noted that in the past 18 months, companies such as Uber, Verizon, Alteryx, the WWE, Dow Jones and three […]

Last Tuesday, a security researcher from Digita Security revealed the details of a Mac remote access trojan in a blog post. The malware apparently had been overlooked by antivirus manufacturers for two years. Chief research officer Patrick Wardle said that the Coldroot trojan is able to access the inner levels of the operating system to gain full remote control of the system as if the attacker were using the computer in person. The malware, which can also steal passwords and alter files, is often disguised as a document which asks the user for his password once opened. It also modifies […]

In a speech last Monday at the University of Lisbon, U.N. Secretary General Antonio Guterres stressed the for global rules on cyber warfare to minimize the impact of such attacks on civilians. Guterres said that cyberwarfare already exists, however, there is no scheme in place to regulate it and it is unclear how the Geneva Convention or international humanitarian law applies to it. Guterres added that the UN can be a platform where scientists to governments could work out such rules “to guarantee a more humane character” conflicts involving information technology. He also called on professors and engineers to contribute, […]

It was reported that since February 15 this year, Intel now has 32 lawsuits over the Meltdown-Spectre vulnerabilities found in its processors, and more are expected to be filed within the next few months. It is said that various groups are seeking monetary damages and equitable relief for Intel’s omissions and mishandling of the security vulnerabilities. Intel had previously released updates that caused a number of issues including random reboots and in some cases, data loss. Tree lawsuits were also filed in relation to the $24 million stock sale made by Intel CEO Brian Krzanich two months before the disclosure […]

Researchers from Princeton University and an expert from Nvidia have developed a new tool which they used to discover new attacks on the Meltdown and Spectre CPU bugs. Researchers Caroline Trippel, Daniel Lustig, and Margaret Martonosi detailed in their paper new attack variants they called MeltdownPrime and SpectrePrime which use two-cores against each other, as well as the CPU’s memory caches to access privileged information on an application as it executes. The researchers said that the discovery is likely to prompt Intel to rethink their already problematic mitigations. Source: ZDNet

In a blog post this week, Google’s Chris Bentzel revealed that Chrome will now be blocking non-CBA approved ads automatically. A survey composed of 40,000 respondents from US and Europe established that ads which hide a large portion of the page, as well as full page and flashing animated ads were considered to be “disruptive” and are not up to Better Ads Standards. Chrome will then notify the user if such an ad had been blocked. According to Campaign magazine editor Emily Tan, the advertising industry initially thought that Google would be blocking ads across the board, but is now […]

Last Thursday, the UK accused Russia of being responsible for the NotPetya cyberattacks which debilitated computer systems which led to widespread disruptions in both the public and private sectors. Junior minister at the foreign ministry Tariq Ahmad called on Russia to stop its covert undermining efforts against the international community and instead be a responsible member of it. However, sources have said that London’s statement had been coordinated with along with the US’, with other countries to follow suit within the next few days. In response, Kremlin spokesman Dmitry Peskov called the accusations “groundless” and was nothing but a continuation […]

China’s ZTE corporation said last Thursday that it is a “trusted partner” of its customers in the US. The statement was made in light of recent security concerns issued by lawmakers and intelligence experts on Chinese espionage via its telecommunications companies. Huawei and ZTE got singled out by senators including Senate Intelligence Committee chair Sen. Richard Burr who suspected ties between the companies and the Chinese government. Both companies had already been investigated in 2012 for providing equipment that could be used for foreign espionage on critical US infrastructure. However, a ZTE spokesperson responded and said that the publicly traded […]

Subscribe to Elegal

Contact Us

Need more information on Philippine laws and legal updates? Contact us at elegal@disini.ph

About Us

This blog is the embodiment of a vision we have at Disini & Disini (D&D) of an IT empowered citizenry where we, as a people, harness information available through the internet to bridge the gaps where there may be lapses. As part of our advocacy, we take full advantage of the accessibility of cyberspace by developing this blog.